Product SiteDocumentation Site

1.148. pam

1.148.1. RHBA-2010:0135: bug fix update


This update has already been released (prior to the GA of this release) as errata RHBA-2010:0135
Updated pam packages that fix a bug in the pam_time and pam_group modules are now available.
Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies, without having to recompile programs to handle authentication.
These updated packages fix the following bug:
* the pam_time and pam_group modules, which support allowing or rejecting authentication based on time and assigning group names respectively, incorrectly matched user, service, or terminal name substrings even if no wildcard was specified in the configuration. For example, "user" and "user1" were incorrectly equated, causing policies to apply to both usernames even when "user" was the only username subject to said policies. This update improves the string matching in the pam_time and pam_group modules ensuring such mis-matches (and consequent policy mis-applications) no longer occur. (BZ#571341)
All pam users are advised to upgrade to these updated packages, which resolve this issue.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.